What is risk?
The formal definition of “risk” is: exposure of someone (or some object) to harm, damage or loss. In Information Assurance, information security and IT, risk has a pseudo-equation used to put a value on the risk.
Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk
Risk is the likelihood that a threat will exploit the vulnerability of an asset's value.
So in IT, the question “what is risk?” is defined with a “threat”, a “vulnerability” and an “asset”. If any one of these factors is missing, you cannot define or quantify the risk at all.
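
The pseudo-equation above applied to a small risk register, as an added example that is not part of the original page. The 0 to 1 scales for vulnerability and threat, the countermeasure scale (1 = no control, higher = stronger), the asset names and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RegisterEntry:
    asset: str
    asset_value: Optional[float]    # asset value at risk (assumed: currency units)
    vulnerability: Optional[float]  # assumed scale: 0..1
    threat: Optional[float]         # assumed scale: 0..1
    countermeasure: float = 1.0     # assumed scale: 1 = no control, higher = stronger


def risk_score(entry):
    """Risk = ((Vulnerability * Threat) / Countermeasure) * Asset Value at Risk."""
    # A missing threat, vulnerability or asset means the risk is undefined.
    # Returning None keeps "not assessed" distinct from a score of zero.
    if None in (entry.vulnerability, entry.threat, entry.asset_value):
        return None
    if entry.countermeasure < 1:
        raise ValueError("countermeasure must be >= 1 on the assumed scale")
    return (entry.vulnerability * entry.threat) / entry.countermeasure * entry.asset_value


def rank(entries):
    """Return (scored entries sorted highest risk first, assets with undefined risk)."""
    scored, undefined = [], []
    for entry in entries:
        score = risk_score(entry)
        if score is None:
            undefined.append(entry.asset)
        else:
            scored.append((entry.asset, score))
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return scored, undefined


# Constructed sample register (hypothetical assets and values).
REGISTER = [
    RegisterEntry("intranet-wiki", 20_000, 0.8, 0.5, 1.0),
    RegisterEntry("customer-db", 500_000, 0.6, 0.5, 2.0),
    RegisterEntry("build-server", 100_000, 0.4, None, 1.0),  # threat not assessed
]

if __name__ == "__main__":
    scored, undefined = rank(REGISTER)
    for asset, score in scored:
        print(f"{asset:15s} {score:12.2f}")
    print("cannot quantify:", ", ".join(undefined))
```

Entries returned in the second list need a threat, vulnerability or asset assessment before they can be compared with the scored ones.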